The following blog entry provides an example of deploying an S3 bucket with AWS CloudFormation from the AWS CLI, once with public access blocked and once with a public-read bucket policy.
Prerequisites #
IAM Permissions #
Create an IAM user, create access keys for the user and attach the following managed policies:
- AWSCloudFormationFullAccess: create, update and delete stacks with AWS CloudFormation
- AmazonS3FullAccess: perform any S3 action, such as creating, deleting and modifying buckets and the objects within them
Both are broad managed policies and access keys are long-lived credentials, so this setup is only appropriate for a lab. For anything else, prefer short-lived credentials (a role assumed via SSO or STS) and scope the policy down to the cloudformation actions on your own stacks plus the bucket-level S3 actions this template needs (create and delete the bucket, put versioning, public access block and bucket policy), adding any further action that an AccessDenied in the stack events names.
AWS CLI #
# Install AWS CLI version 2
sudo apt install curl unzip -y &&   # unzip is its own package; the zip package does not provide it
cd /tmp &&
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" &&
unzip awscliv2.zip &&
sudo ./aws/install
# Verify / check version
aws --version
# Add the IAM user access key, secret access key & define the default region (aws configure writes them in plaintext to ~/.aws/credentials, so protect that file)
aws configure
CloudFormation Templates #
AWS CloudFormation templates are used to define AWS resources and are written in JSON or YAML.
Create Template #
# Create CloudFormation template
vi cloudformation.yml
Block all public access: On
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  MyS3Bucket:
    Type: 'AWS::S3::Bucket'
    Properties:
      BucketName: jkw-unique-bucket-name
      PublicAccessBlockConfiguration: # Block all public access
        BlockPublicAcls: true
        IgnorePublicAcls: true
        BlockPublicPolicy: true
        RestrictPublicBuckets: true
      VersioningConfiguration:
        Status: Enabled # Enable versioning
Block all public access: Off. Every object in this bucket becomes readable by anyone on the Internet, so use it only for content that is meant to be public. Since April 2023 S3 enables all four block-public-access settings on every new bucket, which makes S3 reject the public bucket policy (the stack rolls back with an access-denied error on the policy resource) unless the template switches BlockPublicPolicy and RestrictPublicBuckets off explicitly:
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  MyS3Bucket:
    Type: 'AWS::S3::Bucket'
    Properties:
      BucketName: jkw-unique-bucket-name
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true          # ACLs are not used here; keep them blocked
        IgnorePublicAcls: true
        BlockPublicPolicy: false       # otherwise the public policy below is rejected
        RestrictPublicBuckets: false   # otherwise the policy is ignored for anonymous requests
      VersioningConfiguration:
        Status: Enabled # Enable versioning
  BucketPolicy:
    Type: 'AWS::S3::BucketPolicy'
    Properties:
      Bucket: !Ref MyS3Bucket
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: '*'
            Action: 's3:GetObject' # read-only; never grant write actions or s3:* to '*'
            Resource: !Sub 'arn:aws:s3:::${MyS3Bucket}/*'
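Added example, not code from the original post: a small policy-as-code check in Python that flags the two ways the templates above expose a bucket, a PublicAccessBlockConfiguration that is missing or not fully enabled, and a bucket policy that allows Principal '*'. Both templates are embedded in CloudFormation's JSON form (the CLI accepts JSON templates as well as YAML; `!Ref` and `!Sub` become `{"Ref": ...}` and `{"Fn::Sub": ...}`) so the script runs offline without a YAML library. The public variant carries the explicit PublicAccessBlockConfiguration with BlockPublicPolicy and RestrictPublicBuckets off that a public bucket policy needs under S3's default-on block public access. The function names and finding texts are my own.

```python
"""Audit CloudFormation templates for S3 buckets exposed to the public.

Added example, not part of the original post. Run it on a JSON template
with audit_file(path), or on a parsed template with audit_template(dict).
"""
import json

# The four settings that together mean "Block all public access: On".
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

# The post's "Block all public access: On" template, in CloudFormation's JSON form.
TEMPLATE_PRIVATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "MyS3Bucket": {
            "Type": "AWS::S3::Bucket",
            "Properties": {
                "BucketName": "jkw-unique-bucket-name",
                "PublicAccessBlockConfiguration": {k: True for k in PAB_KEYS},
                "VersioningConfiguration": {"Status": "Enabled"},
            },
        }
    },
}

# The post's "Block all public access: Off" template, with the explicit public
# access block that a public bucket policy requires on a new bucket.
TEMPLATE_PUBLIC = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "MyS3Bucket": {
            "Type": "AWS::S3::Bucket",
            "Properties": {
                "BucketName": "jkw-unique-bucket-name",
                "PublicAccessBlockConfiguration": {
                    "BlockPublicAcls": True,
                    "IgnorePublicAcls": True,
                    "BlockPublicPolicy": False,
                    "RestrictPublicBuckets": False,
                },
                "VersioningConfiguration": {"Status": "Enabled"},
            },
        },
        "BucketPolicy": {
            "Type": "AWS::S3::BucketPolicy",
            "Properties": {
                "Bucket": {"Ref": "MyS3Bucket"},
                "PolicyDocument": {
                    "Statement": [
                        {
                            "Effect": "Allow",
                            "Principal": "*",
                            "Action": "s3:GetObject",
                            "Resource": {"Fn::Sub": "arn:aws:s3:::${MyS3Bucket}/*"},
                        }
                    ]
                },
            },
        },
    },
}


def is_public_principal(principal):
    """True when a statement's Principal grants to anyone: "*" or {"AWS": "*"} (also inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in (aws if isinstance(aws, list) else [aws])
    return False


def bucket_logical_id(bucket_ref):
    """Resolve a BucketPolicy's Bucket property: a Ref gives the logical ID, otherwise it is a literal name."""
    if isinstance(bucket_ref, dict) and "Ref" in bucket_ref:
        return bucket_ref["Ref"]
    return bucket_ref


def audit_template(template):
    """Return (logical_id, finding) tuples; an empty list means no exposure was found."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::S3::Bucket":
            pab = props.get("PublicAccessBlockConfiguration")
            if pab is None:
                findings.append((logical_id, "no PublicAccessBlockConfiguration; relies on S3 defaults"))
            else:
                not_blocked = [k for k in PAB_KEYS if pab.get(k) is not True]
                if not_blocked:
                    findings.append((logical_id, "public access not fully blocked: " + ", ".join(not_blocked)))
            if props.get("VersioningConfiguration", {}).get("Status") != "Enabled":
                findings.append((logical_id, "versioning not enabled"))
        elif res.get("Type") == "AWS::S3::BucketPolicy":
            statements = props.get("PolicyDocument", {}).get("Statement", [])
            for stmt in statements if isinstance(statements, list) else [statements]:
                if stmt.get("Effect") == "Allow" and is_public_principal(stmt.get("Principal")):
                    actions = stmt.get("Action", [])
                    actions = actions if isinstance(actions, list) else [actions]
                    findings.append((logical_id, "Allow to Principal '*' on bucket %s for %s"
                                     % (bucket_logical_id(props.get("Bucket")), ", ".join(actions))))
    return findings


def audit_file(path):
    """Audit a JSON template file on disk."""
    with open(path) as fh:
        return audit_template(json.load(fh))


if __name__ == "__main__":
    for name, tmpl in (("private", TEMPLATE_PRIVATE), ("public", TEMPLATE_PUBLIC)):
        print(name, audit_template(tmpl) or "OK")
```

Running it reports the private template as clean and two findings for the public one: the relaxed BlockPublicPolicy and RestrictPublicBuckets settings on the bucket, and the Allow-to-everyone statement on the policy. Neither finding is a bug in the public template, which is the point: the check makes the decision to expose data explicit and reviewable before the stack is created.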
Deploy Template / Stack #
A stack is a collection of AWS resources that are managed as a single unit. If the creation of one resource fails, AWS CloudFormation rolls back the entire stack: it deletes the resources it has created so far and leaves the stack in the ROLLBACK_COMPLETE state, from which it can only be deleted, so the stack name cannot be reused until then. The reason for the failure is recorded in the stack events (see below).
# Deploy a stack from the template: Default region
aws cloudformation create-stack --stack-name my-stack --template-body file://cloudformation.yml
# Deploy a stack from the template: Specific region
aws cloudformation create-stack --stack-name my-stack --template-body file://cloudformation.yml --region us-east-1
# Monitor the deployment: StackStatus goes from CREATE_IN_PROGRESS to CREATE_COMPLETE, or to ROLLBACK_COMPLETE if a resource failed (the wait stack-create-complete subcommand blocks until the stack settles and exits non-zero on rollback)
aws cloudformation describe-stacks --stack-name my-stack
Update Stack #
# Update the stack with a changed template (an unchanged template is rejected with "No updates are to be performed"; changing BucketName replaces the bucket, i.e. a new bucket is created and the old one deleted)
aws cloudformation update-stack --stack-name my-stack --template-body file://cloudformation.yml
List Stacks #
# List AWS CloudFormation stacks: Default region
aws cloudformation describe-stacks
# List AWS CloudFormation stacks: Specific region
aws cloudformation describe-stacks --region us-east-1
Stack Logs & Events #
# List stack events, newest first: Default region
aws cloudformation describe-stack-events --stack-name my-stack
# List stack events: Specific region
aws cloudformation describe-stack-events --stack-name my-stack --region us-east-1
Filter key details:
# List stack events: Default region
aws cloudformation describe-stack-events --stack-name my-stack --query "StackEvents[*].[Timestamp, EventId, ResourceType, LogicalResourceId, ResourceStatus, ResourceStatusReason]"
# List stack events: Specific region
aws cloudformation describe-stack-events --stack-name my-stack --region us-east-1 --query "StackEvents[*].[Timestamp, EventId, ResourceType, LogicalResourceId, ResourceStatus, ResourceStatusReason]"
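When a stack rolls back, the event that explains it is the first *_FAILED event in time, not the last one in the output: the API returns events newest first, and once one resource fails CloudFormation cancels the others, which then also report CREATE_FAILED with "Resource creation cancelled". The following is an added example, not part of the original post, that pulls the root cause out of the JSON the command above produces with `--output json`. The event field names are those returned by the API; the sample below is a constructed rolled-back create of the bucket-plus-policy stack, and its timestamps and reason texts are illustrative.

```python
"""Find the root cause of a failed CloudFormation deployment from describe-stack-events output.

Added example, not part of the original post. Pipe in the output of
  aws cloudformation describe-stack-events --stack-name my-stack --output json
or run it without a pipe to use the constructed sample below.
"""
import json
import sys

# Constructed sample: a create of the post's bucket-plus-policy stack that rolled
# back because the bucket name was already taken. Field names match the API; the
# timestamps and reason texts are illustrative. Note the order: newest first.
SAMPLE_EVENTS = {
    "StackEvents": [
        {"Timestamp": "2024-01-01T10:00:08+00:00", "EventId": "e7", "ResourceType": "AWS::CloudFormation::Stack",
         "LogicalResourceId": "my-stack", "ResourceStatus": "ROLLBACK_COMPLETE"},
        {"Timestamp": "2024-01-01T10:00:07+00:00", "EventId": "e6", "ResourceType": "AWS::S3::Bucket",
         "LogicalResourceId": "MyS3Bucket", "ResourceStatus": "DELETE_COMPLETE"},
        {"Timestamp": "2024-01-01T10:00:06+00:00", "EventId": "e5", "ResourceType": "AWS::CloudFormation::Stack",
         "LogicalResourceId": "my-stack", "ResourceStatus": "ROLLBACK_IN_PROGRESS",
         "ResourceStatusReason": "The following resource(s) failed to create: [MyS3Bucket]. Rollback requested by user."},
        {"Timestamp": "2024-01-01T10:00:05+00:00", "EventId": "e4", "ResourceType": "AWS::S3::BucketPolicy",
         "LogicalResourceId": "BucketPolicy", "ResourceStatus": "CREATE_FAILED",
         "ResourceStatusReason": "Resource creation cancelled"},
        {"Timestamp": "2024-01-01T10:00:04+00:00", "EventId": "e3", "ResourceType": "AWS::S3::Bucket",
         "LogicalResourceId": "MyS3Bucket", "ResourceStatus": "CREATE_FAILED",
         "ResourceStatusReason": "jkw-unique-bucket-name already exists"},
        {"Timestamp": "2024-01-01T10:00:02+00:00", "EventId": "e2", "ResourceType": "AWS::S3::Bucket",
         "LogicalResourceId": "MyS3Bucket", "ResourceStatus": "CREATE_IN_PROGRESS"},
        {"Timestamp": "2024-01-01T10:00:00+00:00", "EventId": "e1", "ResourceType": "AWS::CloudFormation::Stack",
         "LogicalResourceId": "my-stack", "ResourceStatus": "CREATE_IN_PROGRESS",
         "ResourceStatusReason": "User Initiated"},
    ]
}


def failed_events(events):
    """Return the *_FAILED events oldest first.

    Sorting matters: the API hands events back newest first, and cancelled siblings
    fail after the resource that actually broke. All timestamps share one ISO-8601
    layout, so a string sort is chronological.
    """
    ordered = sorted(events, key=lambda e: e["Timestamp"])
    return [e for e in ordered if e.get("ResourceStatus", "").endswith("_FAILED")]


def root_cause(events):
    """Return the event that explains the failure, or None when nothing failed.

    Prefers the earliest failed resource event over stack-level failures, because
    the stack's own events only name which resource failed, not why.
    """
    failed = failed_events(events)
    for event in failed:
        if event.get("ResourceType") != "AWS::CloudFormation::Stack":
            return event
    return failed[0] if failed else None


def format_event(event):
    """One line per event, the same columns as the --query expression in the post."""
    return "%s  %-18s %-28s %-14s %s" % (
        event["Timestamp"], event.get("ResourceStatus", ""), event.get("ResourceType", ""),
        event.get("LogicalResourceId", ""), event.get("ResourceStatusReason", ""))


if __name__ == "__main__":
    data = SAMPLE_EVENTS if sys.stdin.isatty() else json.load(sys.stdin)
    cause = root_cause(data["StackEvents"])
    if cause is None:
        print("no failed events")
    else:
        print("root cause:", format_event(cause))
        sys.exit(1)
```

On the sample this prints the MyS3Bucket CREATE_FAILED line with "jkw-unique-bucket-name already exists", skipping the cancelled policy and the stack's own rollback summary; the non-zero exit makes the script usable as a gate in a deployment pipeline.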
Delete Stack #
# Delete the stack: Default region (ends in DELETE_FAILED if the bucket still holds objects; with versioning enabled, every object version and delete marker must be removed first)
aws cloudformation delete-stack --stack-name my-stack
# Delete the stack: Specific region
aws cloudformation delete-stack --stack-name my-stack --region us-east-1
Deployment Testing #
AWS CLI #
# List the S3 buckets in the account (bucket names are global, so this covers all regions)
aws s3 ls
To confirm that the bucket really carries the settings from the template, read them back with the s3api get-bucket-versioning and get-public-access-block subcommands rather than trusting the stack status alone.
CloudFormation Console #
# AWS CloudFormation Console
https://console.aws.amazon.com/cloudformation
Note: Select the stack and open the “Events” tab to check the logs.
Links #
# Official Documentation
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-whatis-concepts.html